x

GDPR - The New Cookie Banner Has a MAJOR FLAW

EDITED TO ADD: MAJOR FLAW

Regardless of if one clicks "I Accept" on the cookie banner or not, navigation is still possible on the site, AND even WORSE, when revisiting the site, THE BANNER DOES NOT REAPPEAR, FALSELY ASSUMING THAT THE USER HAS AFFIRMATIVELY ACCEPTED COOKIES WHEN THIS IS NOT THE CASE.

THIS NEEDS TO BE FIXED IMMEDIATELY.

Orignal post below:

________________________________________________________________________

I understand that the text may not be editable if you are trying to remain consistent across various languages. However, I should be given the option.

Secondly, the only options now are to have this cookie banner for "EU Users" or "Everyone".

While there is the ability to link to my own privacy page (see below), I no longer have the ability to place this banner on the top of my site like I was able to before. This functionality needs to be restored.

https://www.turnipseedtravel.com/disclaimers-privacy-cookies.html

Thirdly, when the text was customizable, I was able to use the cookie banner to also disclose that we have a privacy policy. As we are now required to have one, it would make sense for the cookie banner to remain the place that this is disclosed. 

Lastly, there does not appear to be a way where users can say no to the use of cookies yet continue using the site. That seems to go against GDPR.

3,405 Views
Message 1 of 40
Report
39 REPLIES 39

There also isn't an option to disable/customize the banner and the opt-out element in case you provide your own techniques...

2,906 Views
Message 15 of 40
Report
Square

The banner is currently set to re-appear after one hour if it wasn't accepted. If someone doesn't accept the banner no cookies will be set when they navigate the site until they do. I believe if someone closes the browser tab or quits their browser this will also make the banner show again.

2,890 Views
Message 15 of 40
Report

The new cookie notification banner is not GDPR compliant in my opinion:

The cookie notification bar has to be displayed on every page as long as the visitor does not click "I accept". It has to be possible that the visitor follows the link "cookie policy", read that page and decide afterwards if he wants to accept or leave the website.

At the moment the notification disappears as soon as a visitor switches to another page (eg. to read the cookie policy) and he cannot accept it anymore. This means also that he will not be able to opt-out of my Google Analytics because the opt-out cookie can not be set.

Weebly does not allow the visitor to read the cookie policy before he accepts it:

A visitor can only

1) accept it "blindly" 

or

2) read the cookie policy without being able to accept it after reading (which means he will then not be able to set the Google Analytics opt out cookie)

Both options are not GDPR compliant in my opinion.

2,853 Views
Message 15 of 40
Report

@sailingteam 100% correct. 

2,847 Views
Message 15 of 40
Report

@Adam I'm sorry to say that what you replied with isn't reality. Cookies are set regardless of banner acceptance. I don't just believe this. I've tested it. Multiple times, multiple browsers. When reopening the site, the banner does not reappear. Because those cookies have been set. Unless something has changed in the last hour.

Affirmative consent means that you cannot place cookies until acceptance.

2,847 Views
Message 15 of 40
Report

One of the basic requirements of a GDPR cookie banner is that it allows the visitor to opt to turn off cookies, and know they have opted to turn off cookies. This fails to do that. The wording also implies that every weebly site is monitoring people for marketing purposes. This is plainly NOT true and the fact we cannot change the text to reflect this makes the whole thing deceptive and very much NOT in the spirit of GDPR. The inability to edit the wording has another great problem, that is sites in other languages. I believe some countries have penalties for not using the native language on a website. How do these people avoid problems?

2,854 Views
Message 15 of 40
Report
Square

There are a few cookies that are necessary for the function a site. This is in compliance with GDPR. There are no marketing or analytics cookies that are set until express permission is given.

2,837 Views
Message 15 of 40
Report

@Adam as I explained above: permission/consent (as the GDPR demands) cannot be given with this banner, because the banner disappears before visitors could click "I accept". (weebly cannot expect every new visitor to click "accept" blindly and only on the first page: that would be against the intention of GDPR)

By not being able to accept the cookie policy properly, the visitors also cannot opt-out of my Google Analytics because weebly blocks javascript:gaOptout() 

The blocking of opt-outs (analytics) is a violation of the GDPR in my opinion. Weebly should offer opt-outs, not block them to make visitors prey to tracking. It is a contradiction that weebly demands from visitors that they first accept ALL cookies just to be able to opt out of Google Analytics.

To block javascript:gaOptout() is not compliant to GDPR! 

First of all it would be necessary to show the new banner as long as a visitor does not click "I accept". A visitor can not know that this banner is only shown 1 time and will never reappear and also he can not know that following the link to the cookie policy will avoid opting out google analytics. 

As you can see on my site I have now two cookie banners because my "old" one is GDPR compliant.

2,828 Views
Message 15 of 40
Report

A have to add: I just checked that GA thing right now again and there seems a change was made. GA does not track as long as the visitor does not "accept". As soon he accepts, he can opt out again in the cookie policy. This is how it should be and I hope this will stay.
2,829 Views
Message 15 of 40
Report

I suspect Weebly will merely continue to plough their own furrow, whatever that may be. As regards possible prosecution of site owners for GDPR infringements, I think the fact we can't do anything about changing the wording or operation of the cookie banner probably gives us a "good excuse", (at least here in the UK) and buys us some time to migrate elsewhere. My own replacement site is in development as we speak and will be transferred to ASAP, despite the attendant SEO impact. What I fail to understand is why they should do this immediately after their acquisition by Square. Square are a US domiciled e-commerce business who are clearly trying to penetrate the UK and EU markets in a highly regulated and competitive environment. The acquisition of Weebly with its expertise in online shopping is clearly part of this strategy. Maybe I'm wrong, but I assume that this would be a time to culture rather than antagonise UK and EU regulators, but then again, what do I know?

3,266 Views
Message 15 of 40
Report

I think we should leave here immediately. Weebly does not care about EU client businesses which may be in serious trouble with the current cookie banner text to start with. I don't think customer support here knows that cookie banner texts CANNOT be STANDARD, and until they lose EU clients the privacy/legal team won't be bothered.

3,241 Views
Message 15 of 40
Report
Square

Thank you, everyone, for providing your feedback regarding this. The best place to submit your questions and concerns is going to be through a support ticket. Each and every GDPR related ticket is submitted directly to our policy team. If you have submitted a ticket you can let us know the ticket number and we can verify if it has been escalated.

3,209 Views
Message 15 of 40
Report

Please make this OBVIOUS on the cookie banner. The current arrangement is a dog's breakfast of guesswork and the wording is practically guaranteed to makes potential customers wary of all of us for no reason. Is this a way to treat your customers? It's only a matter of time before the various national regulators pick up on this and how they choose to handle it is completely up to them.

3,198 Views
Message 15 of 40
Report

I totally agree this cookie opt in/out option has not been thought through properly, I was surprised to see how this works on my website. To bad we are just learning about this now the day before it is supposed to go into law.

I have put the 'Cookie Opt Out' button on my privacy policy page, I can't believe a customer can go to this page and see they have automatically opted out without having a chance to opt in. This is totally confusing, so where is the button that allows them to opt in? It seems to be gone for good once they opt out (Without even clicking the opt out option).

Totally agree with @SBband. Who at Weebly came up with the wording 'marketing purposes' on the cookie policy. I have been on loads of UK websites and I have never seen that wording on their cookie policies before. It makes it sound like my website has been designed for that purpose. Totally doesn't make sense to use this wording and with no option to change it... REALLY WEEBLY? SORT THIS OUT!

3,273 Views
Message 18 of 40
Report

Today I found out about the next bug:

The new banner is not displayed on the screen on mobile devices (seems because I use an "old" non-responsive theme). Its only displayed in the footer area after a lot of scrolling - not GDPR compliant.
I guess it is useless to complain about that - the answer would be "just invest some weeks of time and work and create a new responsive website".
3,265 Views
Message 19 of 40
Report

Exactly my feelings. My "new responsive website" is in development on another platform as we speak.

3,258 Views
Message 19 of 40
Report

Weebly's STANDARD cookie banner text is causing your EU clients a lot of legal and commercial risks.

You are basically telling your client's visitors what your client is targeting with cookies, which is totally unacceptable. 

We do not do what you claim we do with the cookies. We have not authorized Weebly to tell things on behalf of us.

You do not have the right to push this text to every website as every business' cookie practices are different. 

A Cookie Banner Text CANNOT be be standard. You need to enable customization immediately (as was available before).

3,247 Views
Message 19 of 40
Report

This is happening to us, too, BUT what is happening now is, ALL COOKIES ARE BEING BLOCKED EVEN IF THEY CLICKED "I ACCEPT."

All EU visitors can no longer log in, total fail.

3,192 Views
Message 41 of 40
Report

Hello everyone, yes, it's quite distressing being locked out of your own website through no fault of your own.  After endless emails and live chats with Weebly over the last two days I think they might be starting to take this serviously. I have all fingers crossed that their Senior Support Team will manage to fix things in the near future and we will all be able to relax and enjoy looking at and adding to the fruits of our labours.  

3,173 Views
Message 41 of 40
Report
Square

@eric_shawn @UK-resident You both are having trouble logging into Weebly? Do you have ticket numbers so I can get caught up? 

1,900 Views
Message 41 of 40
Report